Bring-your-own-device, or BYOD, is popular in small businesses these days, because companies don't have to purchase mobile devices when employees willingly use their own. But protecting company data on employee-owned devices can be a tricky affair, in both the legal and the technical sense.

Guarding data and access to the company network on company-owned devices is equally taxing. While mobile device management (MDM) tools abound, it's sometimes difficult to tell which is best for your needs. To help you with that, here's a guide to help you decide.

Mobile Device Management: Pros and Cons

Mobile device management (MDM) software manages the actual device. Generally speaking, these tools let you manage mobile devices remotely and from a centralized dashboard, no matter whether they're company or employee owned devices. Once you connect a device to the software, you can enforce security and compliance policies, grant or deny the device's access to your company data, and automate many functions such as app and security distribution and updates. They also let you wipe data off a device that's been lost or stolen, or that belongs to an employee who has left the company.

While you're likely nodding your head at this point thinking this is perhaps precisely what you need, MDM software also has few cons that you need to consider.

For one thing, wiping an employee-owned device clean means the employee loses all his or her personal data too. Data such as personal photos, personal documents and files, creative works, apps, call records, calendar appointments, and contact lists. In effect, it renders a device completely unusable. Many a business has been sued for losing personal data in a device wipe and for losing use of the device, too.

MDM gives you complete and comprehensive control over mobile devices. You just need to be extra sure that your BYOD and MDM policies are rock solid and that employees sign a document stating that

they understand what a wipe and other MDM actions can mean to them

that they agree to all actions outlined in your policy

"All the vendors say pretty much the same thing about their product, which makes it hard to differentiate them and make a decision for your business," said Jeff Driscoll, IT manager at Marketing Mojo, adding that he's "used several products for small business MDM, including N-able, Centrastage, ManageEngine, GFI Max [now Max Remote Management or MaxFocus], and trialed a bunch of others."

"Cost is an acute point for small businesses, and it can vary wildly, but almost all [MDM software] will be a monthly subscription billed per device," he explained. Mobile carriers offer basic MDM, too. Driscoll says that it won't be elegant, or particularly easy to use, but you can expect basic functions such as remote data wiping of phones. Third-party MDM pricing usually ranges between $1 and $10/month per device.

"You can get bundle deals if you also monitor your workstations and servers," says Driscoll. "MDM is commonly bundled with or tacked on to asset management or remote monitoring and management (RMM) solutions for servers and workstations. Some are just lightweight half-measures, and the industry is just now getting to a level of true MDM," he added.

The Alternative to MDM: Mobile Application Management

Mobile application management (MAM), as the name implies, manages applications on a mobile device instead of managing the device itself.

MAM lets you control and manage specific applications—namely business applications—without affecting any consumer applications or personal data on a mobile device. That means you can still wipe data off a device if an employee leaves your employ, or if a device is lost or stolen, without damaging anything personal that the device owner has stored on the device.

Some MAM products containerize applications as well, meaning that even if malware exists on the mobile device, it can't penetrate the apps in the container.

You can still automate app and security distributions and enforce policies. You can also remotely wipe data from the device to retain company data—such as phone logs and contact lists—as opposed to such records remaining on the device when the employee leaves.

The MDM Plus MAM Option

Many products today combine the best of both worlds and offer a blend of MDM and MAM features and functionalities. Before you get too excited about this, be aware that both terms are loosely thrown about by vendors. Due diligence is important; insist that vendors spell out precisely what they mean when they use these terms.

Most anti-virus and anti-malware companies also offer MDM and MAM products, so you might want to check with whichever company you use for anti-virus protection to see what's available. You may also want to check with your cell phone carrier to see what they have to offer.

Some of these companies offer MDM and/or MAM at no extra cost or for a modest monthly premium. Other reputable vendors offer blended products too, so you have many options. But again, be sure you understand what you're getting before you sign the dotted line. Not all of these products are created equal.